<%@page import="org.apache.commons.fileupload.FileItem"%>
<%@page import="org.apache.commons.fileupload.servlet.ServletFileUpload"%>
<%@page import="org.apache.commons.fileupload.disk.DiskFileItemFactory"%>
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
// Build the absolute base URL of this web application (scheme://host:port/context/)
// that the <base href> tag in the page head prints.
// NOTE(review): getServerName() normally reflects the client-supplied Host header, and
// basePath is written unescaped into the <base href> attribute. Confirm the container
// restricts accepted host names, or derive the origin from configuration instead.
String path = request.getContextPath();
StringBuilder baseBuilder = new StringBuilder();
baseBuilder.append(request.getScheme()).append("://")
           .append(request.getServerName()).append(":")
           .append(request.getServerPort())
           .append(path).append("/");
String basePath = baseBuilder.toString();
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    
    <title>My JSP 'jieshou1.jsp' starting page</title>
    
	<meta http-equiv="pragma" content="no-cache">
	<meta http-equiv="cache-control" content="no-cache">
	<meta http-equiv="expires" content="0">    
	<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
	<meta http-equiv="description" content="This is my page">
	<!--
	<link rel="stylesheet" type="text/css" href="styles.css">
	-->

  </head>
  
  <body>
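  <%!
      /**
       * Lower-case extensions (with the leading dot) that may be stored in the
       * web-served upload directory. Only raster image types are listed because the
       * page renders the stored file through an img tag; anything else is refused so
       * the container can never interpret an upload as a server-side page or script.
       */
      private static final Set<String> ALLOWED_IMAGE_EXTENSIONS =
              new HashSet<String>(Arrays.asList(".png", ".jpg", ".jpeg", ".gif"));

      /**
       * Escapes text for safe inclusion in HTML element content or a quoted attribute.
       *
       * @param text the raw value, possibly null
       * @return the escaped value; an empty string when text is null
       */
      private static String escapeHtml(String text) {
          if (text == null) {
              return "";
          }
          StringBuilder escaped = new StringBuilder(text.length() + 16);
          for (int i = 0; i < text.length(); i++) {
              char c = text.charAt(i);
              switch (c) {
                  case '&':  escaped.append("&amp;");  break;
                  case '<':  escaped.append("&lt;");   break;
                  case '>':  escaped.append("&gt;");   break;
                  case '"':  escaped.append("&quot;"); break;
                  case '\'': escaped.append("&#39;");  break;
                  default:   escaped.append(c);
              }
          }
          return escaped.toString();
      }
  %>
  <%
      // Handles a multipart/form-data POST: echoes ordinary form fields and stores each
      // uploaded image under the "imags" directory with a server-generated name.
      //
      // Changes from the earlier version of this scriptlet:
      //  * every client-supplied value (field name, field value, file name) is HTML-escaped
      //    before it is written to the response;
      //  * the stored file's extension must be on ALLOWED_IMAGE_EXTENSIONS, because the
      //    target directory is served by the web application;
      //  * a file name without a dot no longer throws StringIndexOutOfBoundsException;
      //  * the leftover debug script tag and the echo of the server's real path are gone.
      if (!ServletFileUpload.isMultipartContent(request)) {
          // parseRequest() throws on non-multipart requests; answer with a plain message instead.
          out.print("请求不是 multipart/form-data 表单");
      } else {
          DiskFileItemFactory df = new DiskFileItemFactory();
          ServletFileUpload upload = new ServletFileUpload(df);
          upload.setHeaderEncoding("utf-8");
          // NOTE(review): no request or per-file size cap is configured; set limits with
          // upload.setSizeMax(...) / upload.setFileSizeMax(...) that fit the deployment.
          List<FileItem> list = upload.parseRequest(request);

          // May be null when the application is not deployed as an expanded directory.
          String uploadDir = application.getRealPath("imags");

          for (FileItem f : list) {
              if (f.isFormField()) {
                  out.print("这是普通的表单元素：" + escapeHtml(f.getFieldName())
                          + "=" + escapeHtml(f.getString("utf-8")));
              } else {
                  String oldName = f.getName();
                  if (oldName == null || oldName.length() == 0) {
                      // File input submitted without a selected file.
                      out.print("未选择文件");
                  } else {
                      out.print("这是一个文件元素：文件名是：" + escapeHtml(oldName));

                      // Only the extension of the client's name is reused, and only after
                      // normalising it and checking it against the allow-list.
                      int dot = oldName.lastIndexOf('.');
                      String houzhui = dot >= 0
                              ? oldName.substring(dot).toLowerCase(Locale.ROOT)
                              : "";

                      if (!ALLOWED_IMAGE_EXTENSIONS.contains(houzhui)) {
                          out.print("不支持的文件类型");
                      } else if (uploadDir == null) {
                          out.print("上传目录不可用");
                      } else {
                          // NOTE(review): the extension check does not prove the bytes are an
                          // image; consider validating the content and serving uploads from a
                          // location the container never executes.
                          String newFileName = UUID.randomUUID() + houzhui;
                          f.write(new java.io.File(uploadDir, newFileName)); // store the file content
                          // newFileName is a UUID plus an allow-listed extension, so it needs no escaping.
                          out.print("<img src='imags/" + newFileName + "'/>");
                      }
                  }
              }
              out.print("<hr/>");
          }
      }
    %> <br>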
  </body>
</html>
